The "LogVHdrMessageVerb()" function in log.c contains a format string
vulnerability.
NOTE: Exposure to this vulnerability is reduced in Gentoo due to X.Org X
Server being built with "-D_FORTIFY_SOURCE=2" by default.

Impact

A local attacker could gain escalated privileges or cause a Denial of
Service condition.